1cb731cbdb
refactor(drivers): organize backup modules into drivers subfolder
lint / docker (push) Has been cancelled
- Move all backup_*.py files to libtisbackup/drivers/ subdirectory
- Move XenAPI.py and copy_vm_xcp.py to drivers/ (driver-specific)
- Create drivers/__init__.py with automatic driver imports
- Update tisbackup.py imports to use new structure
- Add pyvmomi>=8.0.0 as mandatory dependency
- Sync requirements.txt with pyproject.toml dependencies
- Add pylint>=3.0.0 and pytest-cov>=6.0.0 to dev dependencies
- Configure pylint and coverage tools in pyproject.toml
- Add conventional commits guidelines to CLAUDE.md
- Enhance .gitignore with comprehensive patterns for Python, IDEs, testing, and secrets
- Update CLAUDE.md documentation with new structure and tooling
Breaking Changes:
- Drivers must now be imported from libtisbackup.drivers instead of libtisbackup
- All backup driver files relocated to drivers/ subdirectory
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-05 23:54:26 +02:00
38a0d788d4
feat(auth): install all authentication providers by default
lint / docker (push) Waiting to run
All authentication methods (Basic Auth, Flask-Login, OAuth) are now
installed as core dependencies instead of optional extras. This
simplifies setup and eliminates the need to run `uv sync --extra auth-*`
when switching between authentication methods.
Changes:
- Move authlib, bcrypt, and flask-login to core dependencies
- Remove auth-* optional dependency groups from pyproject.toml
- Update documentation to remove installation instructions
- Simplify troubleshooting and migration guides
Benefits:
- No import errors when switching auth methods
- Simpler user experience
- All providers available out of the box
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-05 21:17:30 +02:00
f12d89f3da
feat(auth): add pluggable authentication system for Flask routes
Implement comprehensive authentication system with support for
Basic Auth, Flask-Login, and OAuth2 providers.
Features:
- Pluggable architecture via factory pattern
- Multiple authentication providers:
  * None: No authentication (development/testing)
  * Basic Auth: HTTP Basic with bcrypt support
  * Flask-Login: Session-based with multiple users
  * OAuth2: Google, GitHub, GitLab, and generic providers
- Decorator-based route protection (@auth.require_auth)
- User authorization by domain or email (OAuth)
- bcrypt password hashing support
- Comprehensive documentation and examples
Components:
- libtisbackup/auth/__init__.py: Factory function and exports
- libtisbackup/auth/base.py: Base provider interface
- libtisbackup/auth/basic_auth.py: HTTP Basic Auth implementation
- libtisbackup/auth/flask_login_auth.py: Flask-Login implementation
- libtisbackup/auth/oauth_auth.py: OAuth2 implementation
- libtisbackup/auth/example_integration.py: Integration examples
- libtisbackup/auth/README.md: API reference and examples
Documentation:
- AUTHENTICATION.md: Complete authentication guide
  * Setup instructions for each provider
  * Configuration examples
  * Security best practices
  * Troubleshooting guide
  * Migration guide
- samples/auth-config-examples.ini: Configuration templates
Dependencies:
- Add optional dependencies in pyproject.toml:
  * auth-basic: bcrypt>=4.0.0
  * auth-login: flask-login>=0.6.0, bcrypt>=4.0.0
  * auth-oauth: authlib>=1.3.0, requests>=2.32.0
  * auth-all: All auth providers
Installation:
```bash
# Install specific provider
uv sync --extra auth-basic
# Install all providers
uv sync --extra auth-all
```
Usage:
```python
from flask import Flask

from libtisbackup.auth import get_auth_provider

app = Flask(__name__)

# Initialize
auth = get_auth_provider("basic", {
    "username": "admin",
    "password": "$2b$12$...",
    "use_bcrypt": True
})
auth.init_app(app)

# Protect routes
@app.route("/")
@auth.require_auth
def index():
    user = auth.get_current_user()
    return f"Hello {user['username']}"
```
Security features:
- bcrypt password hashing (work factor 12)
- OAuth domain/user restrictions
- Session-based authentication
- Clear separation of concerns
- Environment variable support for secrets
OAuth providers supported:
- Google (OpenID Connect)
- GitHub
- GitLab
- Generic OAuth2 provider
Breaking change: None - new feature, backward compatible
Users can continue without authentication (type=none)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-05 02:02:46 +02:00
2533b56549
feat(security): modernize SSH key algorithm support with Ed25519
Replace deprecated DSA key support with modern SSH key algorithms,
prioritizing Ed25519 as the most secure option.
Changes:
- Add load_ssh_private_key() helper function in common.py
- Support Ed25519 (preferred), ECDSA, and RSA key types
- Remove deprecated and insecure DSA key support
- Update all SSH key loading across backup drivers:
  * common.py: do_preexec, do_postexec, run_remote_command
  * backup_mysql.py
  * backup_pgsql.py
  * backup_sqlserver.py
  * backup_oracle.py
  * backup_samba4.py
- Add ssh_port parameter to preexec/postexec connections
- Update README.md with SSH key generation instructions
- Document supported algorithms and migration path
Algorithm priority:
1. Ed25519 (most secure, modern, fast, timing-attack resistant)
2. ECDSA (secure, widely supported)
3. RSA (legacy support, requires 2048+ bits)
Security improvements:
- Eliminates vulnerable DSA algorithm (1024-bit limit, FIPS deprecated)
- Prioritizes elliptic curve cryptography (Ed25519, ECDSA)
- Provides clear error messages for unsupported key types
- Maintains backward compatibility with existing RSA keys
Documentation:
- Add SSH key generation examples to README.md
- Update expected directory structure to show Ed25519 keys
- Add migration notes in SECURITY_IMPROVEMENTS.md
- Include key generation commands for all supported types
Breaking change:
- DSA keys are no longer supported and will fail with clear error message
- Users must migrate to Ed25519, ECDSA, or RSA (4096-bit recommended)
Migration:
```bash
# Generate new Ed25519 key
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
# Copy to remote servers
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@remote
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-05 01:39:17 +02:00
debc753f13
fix(security): replace os.popen/os.system with subprocess for command injection prevention
Replace all deprecated and unsafe command execution methods with
secure subprocess.run() calls using list arguments.
Changes:
- Replace os.popen() with subprocess.run() in tisbackup_gui.py
- Replace os.system() with subprocess.run() in tasks.py and backup_xva.py
- Add input validation for device/partition names (regex-based)
- Fix file operations to use context managers (with statement)
- Remove wildcard import from shutil
- Add timeout protection to all subprocess calls (5-30s)
- Improve error handling with proper try/except blocks
Security improvements:
- Prevent command injection vulnerabilities in USB disk operations
- Validate device paths with regex before system calls
- Use list arguments instead of shell=True to prevent injection
- Add proper error handling instead of silent failures
Code quality improvements:
- Replace deprecated os.popen() (deprecated since Python 2.6)
- Use context managers for file operations
- Remove wildcard imports for cleaner namespace
- Add comprehensive error handling and logging
Documentation:
- Add SECURITY_IMPROVEMENTS.md documenting all changes
- Document remaining security issues and recommendations
- Include testing recommendations and migration notes
BREAKING CHANGE: None - all changes are backward compatible
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-05 01:23:53 +02:00
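The pattern the commit message above describes (regex validation of a device name, list arguments instead of a shell string, and a timeout on the call), shown as an added example that is not the project's own code. The `DEVICE_RE` pattern, the helper names and the choice of `lsblk` are assumptions made for illustration.

```python
import re
import subprocess

# Assumed allow-list for Linux block devices such as /dev/sdb or /dev/sdb1.
DEVICE_RE = re.compile(r"/dev/sd[a-z]{1,2}[0-9]{0,2}")

# Constructed sample inputs (not taken from the project).
SAMPLES = ["/dev/sdb1", "/dev/sdb1; id", "/dev/sdb\n", "sdb", "/dev/../etc/passwd"]


def validate_device(path: str) -> str:
    """Return path unchanged if it is a plain device name, else raise ValueError."""
    # fullmatch (not match) so trailing metacharacters or a newline are rejected.
    if not isinstance(path, str) or DEVICE_RE.fullmatch(path) is None:
        raise ValueError(f"invalid device path: {path!r}")
    return path


def build_command(device: str) -> list[str]:
    """Build an argv list; each element reaches the program as one argument."""
    return ["lsblk", "--noheadings", "--output", "NAME,SIZE,FSTYPE",
            validate_device(device)]


def partition_info(device: str, timeout: float = 10.0) -> str:
    """Run the command without a shell, bounded by a timeout."""
    try:
        result = subprocess.run(
            build_command(device),
            capture_output=True, text=True, timeout=timeout, check=True,
        )
    except subprocess.TimeoutExpired as exc:
        raise RuntimeError(f"lsblk timed out after {timeout}s") from exc
    except (subprocess.CalledProcessError, FileNotFoundError) as exc:
        # Surface the failure instead of silently returning empty output.
        raise RuntimeError(f"lsblk failed: {exc}") from exc
    return result.stdout


def classify(samples: list[str]) -> dict[str, bool]:
    """Map each sample to True (accepted) or False (rejected by validation)."""
    verdicts = {}
    for sample in samples:
        try:
            validate_device(sample)
            verdicts[sample] = True
        except ValueError:
            verdicts[sample] = False
    return verdicts
```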
586991bcf1
fix(tisbackup): fix iniparse wrong check
lint / docker (push) Has been cancelled
2025-04-14 23:37:16 +02:00
ddb5f3716d
Fix replace
lint / docker (push) Successful in 9m16s
2025-03-07 22:54:14 +01:00
b805f8387e
Fix re.compile / re.match warnings
lint / docker (push) Has been cancelled
2025-03-07 22:51:20 +01:00
737f9bea38
fix iniparse
lint / docker (push) Successful in 9m14s
fix code passing ruff linter
pre-commit ruff
pre-commit ruff format
2024-11-29 23:45:40 +01:00
7fcc5afc64
EOF & whitespace
2024-11-29 00:54:09 +01:00
99dc6e0abf
fix import
2024-11-28 23:46:48 +01:00
roondar
b9a3ad755a
fix: Do not use binary string in subprocess command
2023-03-08 17:58:06 +01:00
Francois PINOT
c74cc3802b
Set errors=ignore in the decode method, to avoid utf-8 codec errors on filenames with non-ascii characters
2022-12-26 14:02:49 +01:00
htouvet
bc4b9811ed
migrate to Python3 (from alejeune)
2022-04-25 10:02:43 +02:00
Kévin Guérineau
d079b542be
comment DSSKey and add ed25519
2020-11-20 14:13:27 +01:00
Vincent MAUGER
82ca9dfa35
change the btrfs path
2020-11-20 14:13:25 +01:00
Jeremie Courreges-Anglas
26c45f3fe6
Stoopid unicode
2020-11-20 14:11:17 +01:00
Jeremie Courreges-Anglas
5a1e984a0b
Use pg_dump -Z to compress the output on the fly
Less temp files overhead, less space used in tmp_dir, and less code.
-Z is supported since PostgreSQL 7.1.
2020-11-20 14:11:16 +01:00
Jeremie Courreges-Anglas
e2c0e7e516
Respect tmp_dir, fixes temp files removal
2020-11-20 14:11:15 +01:00
Yohannès ALEMU
8aa63dbdd4
bug with written_files_count in backup rsync+ssh module
2019-01-03 15:47:22 +01:00
htouvet
e701575525
typo in gzipped pgsql dump filename
2018-02-21 09:38:52 +01:00
htouvet
b082796a87
fix register_existingbackups
fix tmp gzip for pgsqldump
2018-02-09 09:55:33 +01:00
htouvet
c29ad67075
add parameters tmp_dir = '/tmp' and encoding = 'UTF8' for the pgsql backup driver
2018-02-06 15:21:55 +01:00
htouvet
1190eb4d9d
Take per-section maximum_backup_age into account
2018-01-30 12:29:16 +01:00
ssamson-tis
076c07ff24
Overwrite gzip file
2017-09-21 14:34:07 +02:00
ssamson-tis
5e20cfffcc
fix wrong network label
2017-08-17 17:35:23 +02:00
ssamson-tis
2853903232
Fix export xva with Xenserver > 7.1
2017-07-24 18:23:15 +02:00
ssamson-tis
ce758e8129
fix DGS1210
2016-10-04 15:56:20 +02:00
ssamson-tis
32cef28497
add DGS1510
2016-10-04 14:21:59 +02:00
ssamson-tis
221f666ebd
ssh must not interactively prompt for a password, even if the key is wrong.
2016-05-12 12:14:13 +02:00
ssamson-tis
0e3892b755
remove duplicate code
2016-04-14 14:32:04 +02:00
ssamson-tis
f624d28f28
perform the xen-metadata backup with an SSH key rather than with the password
2016-04-14 14:25:39 +02:00
ssamson-tis
c08bbd165b
- no need to logout
2016-03-04 17:29:02 +01:00
ssamson-tis
9465eb4c03
- add xen-password file with export pool-metadata
2016-02-08 14:24:34 +01:00
ssamson-tis
76f73416f0
- add xen-password file with export pool-metadata
2016-02-08 12:34:00 +01:00
ssamson-tis
411e287420
- fix import
2015-12-23 16:06:11 +01:00
ssamson-tis
81e1676ad8
- add backup Samba4 support
2015-12-23 15:27:36 +01:00
ssamson-tis
3d9bd21a7b
Revert "Revert "- fix use_compression""
This reverts commit 3a6b93c85d.
2015-12-23 11:43:28 +01:00
ssamson-tis
3a6b93c85d
Revert "- fix use_compression"
This reverts commit f88c9d1d06.
2015-12-23 11:42:55 +01:00
ssamson-tis
f88c9d1d06
- fix use_compression
2015-10-30 15:19:47 +01:00
ssamson-tis
dc53354ea2
- Suppress warning output
- Escape special character
2015-10-30 10:53:38 +01:00
ssamson-tis
e8708f1efa
Delete timeout with use_compression
2015-10-20 10:22:40 +02:00
ssamson-tis
55c92f0025
fix good destination vm parameter
2015-10-16 17:50:05 +02:00
ssamson-tis
a11396af41
Disable automatic boot for copies vm
2015-10-16 17:12:04 +02:00
ssamson-tis
44a4b5ea15
remove leading character in postgres databases
2015-09-30 16:28:34 +02:00
ssamson-tis
fe4081c7d3
change method to list all postgres databases
2015-09-30 16:14:25 +02:00
ssamson-tis
169602758e
Postgres database is optional
2015-09-24 16:57:49 +02:00
ssamson-tis
b248df8194
Merge branch 'master' of srvdev:tisbackup
2015-09-14 16:34:14 +02:00
ssamson-tis
9d4456faa4
add shutdown option to copy_vm_xcp
2015-09-14 16:33:31 +02:00
htouvet
e26612d2cf
added backup switch CISCO (tested on our 3750 only...)
backup running config and vlan config
2015-09-01 17:17:28 +02:00